Security and Lock-In

  • Tom Lookabaugh
  • Douglas C. Sicker
Part of the Advances in Information Security book series (ADIS, volume 12)


The cases of set-top boxes in the U.S. cable industry, video games and their cartridges, and printers and their cartridges all illustrate ways in which security technology can play an enhanced role in lock-in of customers by their suppliers through creation of substantial switching costs. Openness of technology, normally an inhibitor of lock-in, can be argued against in the case of security on the basis of a presumed increase in security by keeping details of the security system secret and proprietary. Whether open or not, security technology can be used to make permissible reverse engineering equivalent to an infeasible problem of breaking a cryptographically strong algorithm. And what might appear to be permissible reverse engineering may be conflated with an effort to enable illegitimate piracy and rendered illegal. The extra potential for security technology as a locus of lock-in raises its importance in the strategic considerations of both customers and vendors and for legislators and regulators. Customers will want to consider how to reduce the effect of lock-in, particularly on access to innovation; vendors will want to consider how to increase lock-in where possible; and policy makers will want to consider where the public interest motivates efforts to intervene to mitigate lock-in.


Switching Cost, Information Security, Reverse Engineering, Security Protocol, Advance Encryption Standard
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Tom Lookabaugh (1)
  • Douglas C. Sicker (1)
  1. University of Colorado at Boulder, USA
